IAM CI/CD - Support for multiple ECR repositories
This breaking change affects usage of module iam-policies-cicd
Affected versions
- All versions before iam-policies-cicd-v0.1.0
- All templates referencing ref=main

The iam-policies-cicd template referenced ref=33b1985bc730232c18a19d31c0024b71065bcbc8 before iam-policies-cicd-v0.1.0 was released.
Rationale
When setting up IAM CI/CD policy documents it is necessary to support more than a single ECR repository.
Previous versions defined a single ARN in ecr_repository_arn, while iam-policies-cicd-v0.1.0 introduced a list of ECR names in ecr_repository_names.
Related issues
Manual upgrades
Changes to iam_cicd.tf. Before:

module "iam_policies_cicd" {
  source = "git@github.com:oslokommune/golden-path-iac//terraform/modules/iam-policies-cicd?ref=main"
  ecr_repository_arn = "full:arn"
}

After (note the change from a single ARN to a list of repository names):

locals {
  ecr_repository_names = ["api-app", "frontend-app"]
}

module "iam_policies_cicd" {
  source = "git@github.com:oslokommune/golden-path-iac//terraform/modules/iam-policies-cicd?ref=iam-policies-cicd-v0.1.0"
  ecr_repository_names = local.ecr_repository_names
}

Commit and push changes.
After upgrade
After doing the changes above, the next Terraform plan should include these changes:
- aws_iam_policy.ecr_read_write will be destroyed
- One aws_iam_policy.ecr_read_write resource per application defined in ecr_repository_names will be created
- Changes to module.iam_assumable_role_github_oidc, this can depend on your setup
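
A check for the plan described above, as an added example (not code from the module or from this page): it reads the JSON form of a plan, as produced by `terraform show -json`, and separates unexpected changes from the role-module changes that need a manual look. The sample plan is constructed, and the module address `module.iam_policies_cicd`, the keying of the new policies by repository name and the `aws_iam_role_policy_attachment.custom` resource are assumptions.

```python
# Added example. SAMPLE_PLAN is constructed; a real plan comes from
# `terraform show -json <planfile>`.
POLICY = ("aws_iam_policy", "ecr_read_write")
ROLE_MODULE = "module.iam_assumable_role_github_oidc."


def _rc(address, rtype, name, actions, index=None):
    """Build one constructed resource_changes entry in plan-JSON shape."""
    rc = {"address": address, "type": rtype, "name": name,
          "change": {"actions": actions}}
    if index is not None:
        rc["index"] = index
    return rc


_P = "module.iam_policies_cicd.aws_iam_policy.ecr_read_write"  # assumed address
SAMPLE_PLAN = {"resource_changes": [
    _rc(_P, *POLICY, ["delete"]),
    _rc(_P + '["api-app"]', *POLICY, ["create"], "api-app"),
    _rc(_P + '["frontend-app"]', *POLICY, ["create"], "frontend-app"),
    # Hypothetical resource inside the role module; varies by setup.
    _rc(ROLE_MODULE + "aws_iam_role_policy_attachment.custom[0]",
        "aws_iam_role_policy_attachment", "custom", ["update"], 0),
]}


def check_plan(plan, repo_names):
    """Return (errors, review): unexpected changes and changes needing a human look."""
    errors, review, deleted, created = [], [], 0, []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue
        if (rc["type"], rc["name"]) == POLICY and actions == ["delete"] and "index" not in rc:
            deleted += 1  # the old single policy
        elif (rc["type"], rc["name"]) == POLICY and actions == ["create"]:
            created.append(rc.get("index"))  # one new policy per repository
        elif rc["address"].startswith(ROLE_MODULE):
            review.append(f"{rc['address']}: {actions}")
        else:
            errors.append(f"unexpected {actions} on {rc['address']}")
    if deleted != 1:
        errors.append(f"expected 1 un-indexed ecr_read_write delete, saw {deleted}")
    if len(created) != len(repo_names):
        errors.append(f"expected {len(repo_names)} policy creates, saw {len(created)}")
    elif all(isinstance(k, str) for k in created) and set(created) != set(repo_names):
        errors.append(f"created keys {sorted(created)} do not match {sorted(repo_names)}")
    return errors, review
```

Any entry in `errors` is a change to IAM or other resources that the upgrade notes do not account for and should be resolved before applying.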